AS-IDS: Anomaly and Signature Based IDS for the Internet of Things

Journal of Network and Systems Management

Abstract

The Internet of Things (IoT) is a vast environment that supports many diverse applications. Security is critical because of potential malicious threats and the diversity of connectivity. An Intrusion Detection System (IDS) lets devices protect themselves and detect threats. An IDS typically uses one of two approaches: anomaly-based or signature-based. This paper proposes a model (known as "AS-IDS") that combines these two approaches to detect known and unknown attacks in IoT networks. The proposed model has three phases: traffic filtering, preprocessing and the hybrid IDS. In the first phase, incoming traffic is filtered at the IoT gateway by matching packet features. The preprocessing phase then applies a Target Encoder, Z-score and Discrete Hessian Eigenmap (DHE) to encode, normalize and eliminate redundancy, respectively. In the final phase, the hybrid IDS integrates signatures and anomalies. The signature-based IDS subsystem investigates packets with a Lightweight Neural Network (LightNet), which uses Human Mental Search (HMS) for traffic clustering in the hidden layer and Boyer-Moore to search for a particular signature in the output layer. The search is accelerated with the Generalized Suffix Tree (GST) algorithm, and by matching the signatures the subsystem classifies the attacks as intruder, normal or unknown. The anomaly-based IDS subsystem employs Deep Q-learning to identify unknown attacks, and uses Signal to Noise Ratio (SNR) and bandwidth to classify the attacks into five classes: Denial of Service (DoS), Probe, User-to-Root (U2R), Remote-to-Local (R2L), and normal traffic. New signatures are then generated for the detected packets using the Position Aware Distribution Signature (PADS) algorithm. The proposed AS-IDS is implemented on real-time traffic with the NSL-KDD dataset, and the results are evaluated in terms of Detection Rate (DR), False Alarm Rate (FAR), Specificity, F-measure and computation time.
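The three-way verdict of the signature stage described in the abstract, and the hand-off of unmatched traffic to the anomaly stage, can be sketched as follows. This is an added example, not the authors' code: it substitutes Boyer-Moore-Horspool (the bad-character-only simplification of Boyer-Moore) for the paper's matcher, omits LightNet, HMS and the GST acceleration, and assumes hypothetical attack and known-good signature lists with attack matches taking precedence.

```python
# Added example: signature stage with a three-way verdict.
# All signatures and payloads are constructed sample data, not from the paper.
ATTACK_SIGS = {"sig-a": b"ATTACK-MARKER-01", "sig-b": b"\xde\xad\xbe\xef"}
NORMAL_SIGS = {"keepalive": b"IOT-KEEPALIVE"}  # assumed list of known-good patterns


def horspool_find(text: bytes, pat: bytes) -> int:
    """Index of the first occurrence of pat in text, or -1 (Boyer-Moore-Horspool)."""
    m, n = len(pat), len(text)
    if m == 0:
        return 0
    if m > n:
        return -1
    # Bad-character table: distance from the rightmost occurrence of each byte
    # (excluding the final pattern byte) to the end of the pattern.
    shift = {b: m - 1 - i for i, b in enumerate(pat[:-1])}
    pos = 0
    while pos <= n - m:
        j = m - 1
        while j >= 0 and text[pos + j] == pat[j]:  # compare right to left
            j -= 1
        if j < 0:
            return pos
        pos += shift.get(text[pos + m - 1], m)     # skip by the window's last byte
    return -1


def classify(payload: bytes):
    """Return (verdict, signature_name, offset); attack signatures are checked first."""
    for verdict, sigs in (("intruder", ATTACK_SIGS), ("normal", NORMAL_SIGS)):
        for name, sig in sigs.items():
            off = horspool_find(payload, sig)
            if off >= 0:
                return verdict, name, off
    return "unknown", None, -1


def triage(payloads):
    """Return (verdicts, anomaly_queue); unknown payloads go on to the anomaly stage."""
    verdicts, anomaly_queue = [], []
    for p in payloads:
        verdict = classify(p)[0]
        verdicts.append(verdict)
        if verdict == "unknown":
            anomaly_queue.append(p)
    return verdicts, anomaly_queue


if __name__ == "__main__":
    sample = [b"hdr IOT-KEEPALIVE seq=7", b"xx\xde\xad\xbe\xefyy", b"temperature=21.5"]
    print(triage(sample))
```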

Author information

Corresponding author

Correspondence to Yazan Otoum.

About this article

Cite this article

Otoum, Y., Nayak, A. AS-IDS: Anomaly and Signature Based IDS for the Internet of Things. J Netw Syst Manage 29, 23 (2021). https://doi.org/10.1007/s10922-021-09589-6

  • DOI: https://doi.org/10.1007/s10922-021-09589-6
